Microsoft Warns of Poisoned MCP Tool Risk
🛡️ New Microsoft research shows attackers can hijack AI agents by poisoning a tool's description so the agent quietly exfiltrates company data. The attack leverages MCP tool descriptions—plain text that agents read—to inject hidden instructions, allowing malicious actions without obvious rule violations. Microsoft recommends treating tool descriptions as system prompts, restricting approved tools, enforcing human approval for risky actions, and monitoring agent identities and behavior.
